Introduction
Ransomware has become another prevalent catastrophe in the civilized world. Increased technology use across all economic sectors has made people vulnerable to cybercrimes. Ransomware is a form of malware that invaders use to encrypt files released after the victim pays some money. The crime has been identified globally as a kidnapping that encompasses control of another person’s useful files for financial gain. Victims are assigned a specific deadline to pay the ransom in exchange for the decryption of their files. The estimated ransom varies depending on people and organizations whose security has been jeopardized in a particular scenario. A recent case was in May 2021, when an attack temporarily destroyed the Colonial Pipeline Company’s network. The attack impacted gasoline costs and availability in the region. The malicious act was one of the numerous cases reported to the Federal Bureau of Investigation annually.
Losses associated with the crime have surpassed more than $29 million. However, Federal Law has formulated and implemented various proactive measures to mitigate ransomware attacks globally. The Computer Fraud and Abuse Act is one of the laws invented that has been prosecuting law offenders. Developers and users of this malware are liable for trial in a court of law. Moreover, victims who reimburse the ransoms may also be prosecuted to some extent. For instance, when an individual compensates funds knowingly to a terrorist group or one supposed to be sanctioned by the Department of the Treasury, he may be subject to trial. Cyber security laws have also been effective in preventing and mitigating these attacks across the globe. Implemented policies intend to assist both public and private entities operating in prone areas to cybercrimes. This paper will critically explore how Ransomware has become a common norm globally. Additionally, it will evaluate the benefits associated with outlawing ransomware attacks. It will illustrate a certain theoretical interpretation by adapting various essential models.
Literature review
According to Alsulami (2021, p. 213), Ransomware is a form of malware used by invaders to affect another person’s computer by encrypting their files and asking for ransom in exchange. Most people have become victims of this form of Cybercrime because they are forced to pay a certain amount for the perpetrator to provide them with a private key that decrypts their files. Intruders are intelligent and set a certain time limit to instigate fear and intimidation on the victims (Hassan, 2019, p. 208). Moreover, the ransom depends on the individual or organization in question. The criticality of the files may also affect the incurred expenses. Some victims are forced to pay because they are in dire need of their documents. However, the FBI condemns paying the ransom when affected by these attacks because it does not offer a complete assurance that the data will be recovered by the organization or individual (Hassan, 2019, p. 210). Furthermore, intruders become motivated enough to target more victims because they have experienced increased returns when conducting the malicious act. Perpetrators also have sufficient funds to recruit and compensate more people in this illegal industry.
According to Hofmann (2020, p.16), federal law has criminalized ransomware attacks by applying several proactive measures which limit unlawful computer-oriented activities. The Computer Fraud and Abuse Act has been recently applied to mitigate this global catastrophe. The guideline has condemned various computerized malicious attacks and ransomware cases concurrently. The Department of Justice in the United States applies the law when prosecuting ransomware law offenders (Hassan, 2019, p. 205). The provision condemns any crime that enhances soliciting funds in interstate or foreign markets in exchange for a decrypting key to access their information. In addition to encrypting files, the criminals may breach a computer system, steal their confidential data and threaten to publicize it to outside parties if they are not paid the required ransom. The felonies are subject to fines or imprisonment of up to five years for first offenders (Dey et al., 2021). However, subsequent offenses incur ten years of imprisonment. Law offenders may also be limited access to government computers.
The government has also provided a platform that facilitates ransom recovery in such cases for an illegally-acquired property. According to Hofmann (2020, p. 15), double extortion ransomware attacks may violate other laws depending on the stolen information. Its nature will play a significant role when prosecuting offenders in a court of law. For instance, the Economic Espionage Act criminalizes any theft of business secrets that the owner has decided to seclude from public access (Hassan, 2019, p. 203). Stealing trade secrets is a crime according to this guideline.
According to Hofmann (2020, p. 13), ransomware crime guidelines may put malware developers and transmitters on trial despite not being the main perpetrators of the committed crime. For instance, developers are guilty of developing these tools for sale or hire to law offenders who carry out ransomware cyberattacks. Conspiracy may also be another regulation when prosecuting malware developers (Dey et al., 2021). They have agreed to commit an offense by conspiring with other individuals in the industry. Their knowledge of the crime makes them liable for punishment in ransomware attacks cases.
It may seem inappropriate but paying a ransom is not an offense in some scenarios. Some people may argue that the best technique for addressing ransomware attacks is by making it illegitimate for organizations to compensate the criminals. Victims will seek other interventions to address the issue, while criminals will seek easier and less risky techniques of defrauding people (Westbrook, 2021). The notion of outlawing ransomware payments may initially be appealing but may demonstrate certain inefficiencies when addressing particular economic sectors. Public service firms have a legal duty to serve communities and relevant shareholders. Therefore, a guideline that threatens to fine a firm, staff, or particular department may be criticized and neglected by people. That aside, it seems odd to prosecute the victim who was merely safeguarding his privacy and that of others (Westbrook, 2021). It is difficult to convince the public how an individual who has saved an organization millions of dollars is put on trial by the same federal law condemning ransomware attacks globally.
Benefits of outlawing ransomware payments
Despite these claims, numerous benefits are associated with outlawing ransomware payments on individuals or organizations jeopardized by the attack. When referring to ransomware attacks, making payments may not always be the right solution. Research revealed that 40% of IT security experts agree that paying ransom for one’s sensitive data should be prohibited (Calder, 2021). First, individuals are not guaranteed to receive their confidential data (Cartwright et al., 2019). Furthermore, cybercriminals may have similar copies and monetize the information despite receiving the requested ransom. Outlawing the act is appropriate. However, relevant authorities should establish a robust department of professionals to maintain security and create awareness among the public (Jenkinson, 2022).
Recently, ransomware attacks have increased on municipal governments, crippling their IT operations and robbing them of millions of dollars. For instance, Lake City paid approximately $500,000 after relentlessly trying to recover its sensitive data but failed (Baksi et al., 2022). However, they were defrauded, and some of their information may have been monetized on the dark web. According to Cartwright et al. (2019), ransomware payments increase the criminals’ morale to engage in a similar malicious act. Outlawing payments should be implemented to address this global catastrophe. Hackers utilize the solicited funds to expand their operations by recruiting more people in the industry. Research shows that ransomware payments have developed in the Dark Web market now (Paquet-Clouston et al., 2019). Banning the activity may be the most effective strategy to safeguard companies and individuals while prosecuting cybercriminals.
Business enterprises that pay the ransom are more prone to ransomware attacks in the future. A hacker that has already received ransom from a specific company will target the organization severally to solicit additional funds using different forms of malware. According to Paquet-Clouston et al. (2019), criminals target significant personal records, which may affect a company’s daily operations and reputation in the long run. As long as an opportunity exists, the hackers will not cease until they get what they want. Outlawing these payments effectively mitigates ransomware attacks that may jeopardize an individual’s or company’s reputation. Insurance plans are meaningless because they facilitate this payment (Paquet-Clouston et al., 2019). Criminalizing these payments is the only solution that will mitigate the crisis. Moreover, coverage may escalate the amount of ransom when hackers are aware of the amount paid to cover a certain cyber-related crime.
According to Jenkinson (2022), hackers still have access to sensitive data despite ransom payment and decryption of the files. They may still intimidate victims and threaten to monetize the information on inappropriate websites. Organizations handling vital and sensitive consumers’ personal information such as; home addresses and credit card information should be banned from paying ransoms in case of such attacks. Outlawing payments will limit such access that may ruin people’s lives and reputations. According to Baksi et al. (2022), hackers may provide the wrong key, which fails to decrypt the victims’ files. The key may be correct but malfunctioning, which affects its use in the scenario. Double encryption is another strategy these perpetrators apply, which may affect the decryption process (Jenkinson, 2022). Compatibility may be another factor that affects an individual’s data recovery activity. Outlawing payments is the most practical technique to address the international crisis effectively.
Proactive measures for mitigating ransomware attacks
Organizations and individuals are now more vulnerable to ransomware attacks than ever in human history. Increased internet use has demonstrated the significance of formulating and implementing various defense mechanisms to address this crisis. According to Cartwright et al. (2019), immediate email threats require updated and ever-changing measures to mitigate these attacks and prosecute cybercriminals. Government security officials are responsible for addressing any technical or human niches that increase ransomware attacks globally. One of the solutions may be to install a spam filter detection system in organizations. The software will block any probable intimidating message or attachments that may cause an attack (Jenkinson, 2022). Companies should develop a sophisticated firewall system to protect their sensitive data. When a user opens a mischievous link or attachment, the advanced network system will flag this issue and cease the attack (Paquet-Clouston et al., 2019).
According to Jenkinson (2022), user-awareness training is another effective tactic that will inform individuals and organizations how hackers jeopardize their information. Professionals should show users some of the indicators of malicious attachments. Dynamic analysis helps people detect malware which is conveyed as emails to victims. Cloud backup can help secure sensitive data after the onset of a ransomware attack in a company’s system (Cartwright et al., 2019). Creating awareness will help us as a society when digitally defending ourselves from hackers. Cybercriminals will always find more devious tactics and vulnerable victims in the future. Therefore, consistent training will safeguard businesses, citizens, and governments to address this menace.
Conclusion
In conclusion, this paper has effectively addressed ransomware attacks and their devastating impacts on the international market. Moreover, the review has explored some of the pros of outlawing ransomware payments in case of attacks. Ransomware attacks are financially steered cybercrimes where hackers encrypt victims’ sensitive data to exchange monetary funds. Hackers set a deadline to ensure the victims are intimidated enough and promptly seek the required payments. Paying ransoms does not guarantee data decryption or freedom from similar crimes in the future. This is why outlawing the payments may be an effective solution when addressing the global catastrophe. Ransomware payments motivate perpetrators to expand their operations and lure more victims.
Furthermore, the funds may be utilized in funding other criminal activities such as terrorism. Some organizations hold essential public information which may jeopardize their safety and wellbeing. Paying ransom makes people vulnerable to cybercriminals. They may fail to decrypt your data or provide non-compatible keys to specific computers. Victims will be solicited more funds because they are in dire need of their confidential information. In some scenarios, victims may be prosecuted by a court of law if they pay ransom used for terrorist or other crimes. Their knowledge of how the funds will be used will be evaluated in a tribunal before making any final verdict.
Bibliography
Alsulami, A.A., 2021. High-performance classification model to identify ransomware payments for heterogeneous bitcoin networks. Electronics, 10(17), p.213.
Baksi, R. & Upadhyaya, S., 2022. Game-theoretic analysis of Ransomware: A preliminary study. Proceedings of the 8th International Conference on Information Systems Security and Privacy.
Calder, A., 2021. The ransomware threat landscape.
Cartwright, E., Hernandez Castro, J. & Cartwright, A., 2019. To pay or not: Game-theoretic models of Ransomware. Journal of Cybersecurity, 5(1).
Dey, D. & Lahiri, A., 2021. Should we outlaw ransomware payments? Proceedings of the Annual Hawaii International Conference on System Sciences.
Hassan, N.A., 2019. Responding to ransomware attacks. Ransomware Revealed, pp.203–212.
Hofmann, T., 2020. How organisations can ethically negotiate ransomware payments. Network Security, 2020(10), pp.13–17.
Jenkinson, A., 2022. Ransomware lessons being learned…. Ransomware and Cybercrime, pp.17–22.
Paquet-Clouston, M., Haslhofer, B. & Dupont, B., 2019. Ransomware payments in the Bitcoin ecosystem. Journal of Cybersecurity, 5(1).
Westbrook, A., 2021. A safe harbor for ransomware payments: Protecting stakeholders, hardening targets, and defending national security. SSRN Electronic Journal.